Fail2ban will read user custom config file "/etc/fail2ban/jail.local" by default, it's highly recommended to create this file and write all your settings in this file, so that you can easily upgrade Fail2ban without change config files.

Fail2ban will read user custom config file "/usr/local/etc/fail2ban/jail.local" by default, it's highly recommended to create this file and write all your settings in this file, so that you can easily upgrade Fail2ban without change config files.

Configure Fail2ban

We will configure Fail2ban to protect 4 services: ssh, smtp, pop3/imap and webmail.

Fail2ban ships filter for sshd service, so we just need to create 3 new filter files. Filter file defines regular expressions to find which IP addresses we should ban.

We now have 3 new filter files, it's time to let Fail2ban use them. Since ssh filter is enabled by default, we don't need to touch any config files, so we just need to create "/etc/fail2ban/jail.local" (Linux) or "/usr/local/etc/fail2ban/jail.local" (FreeBSD) to enable these 3 new filters.

Note:

You may need to change "logpath" of roundcube and postfix filter on different Linux/BSD.